Connect with us

Hi, what are you looking for?

Tech & Science

Why academic institutions remain especially vulnerable to cyberattacks

A survey of US college email domains revealed that less than one in ten institutions have implemented basic phishing and spoofing protection.

What is critical race theory and why are some lawmakers so afraid of it?
Leadership and diversity trainer Glenn Singleton addresses University of Texas at Austin students and community leaders at the Dolph Briscoe Center for American History at UT. Singleton is the creator of Courageous Conversation, a thought-provoking training protocol for interracial dialogue, and works to establish racial equality worldwide. Imge - LBJ Library - Public Domain (CC0 1.0)
Leadership and diversity trainer Glenn Singleton addresses University of Texas at Austin students and community leaders at the Dolph Briscoe Center for American History at UT. Singleton is the creator of Courageous Conversation, a thought-provoking training protocol for interracial dialogue, and works to establish racial equality worldwide. Imge - LBJ Library - Public Domain (CC0 1.0)

Academia remains a target for cyber-related incidences as cyber events in 2023 demonstrated, such as such as the University of Minnesota data breach. In this incident, a hacker on a dark web forum claimed to have access to 7 million Social Security numbers. Have highlighted  how ill-equipped many universities are against the threat of cybercrime.

This concern is backed up by a survey of US college and higher education email domains that revealed less than one in ten institutions have implemented basic phishing and spoofing protection.

The research was undertaken by the email security provider EasyDMARC and it reviewed the security policies of .edu email domains in relation to the U.S. These email domains are assigned to 1,930 US colleges and further education institutions.

EasyDMARC’s research found that only 152 (7.8 percent)  of US .edu domains have correctly implemented and configured security policies to flag, report, and remove outbound phishing emails. This is a very low figure and demonstrates the extent to the vulnerability faced by schools and colleges.

To gather representative data, the survey reviewed the deployment of the Domain-based Message Authentication, Reporting and Conformance (DMARC) standard among U.S. .edu domains.

First published in 2012, the DMARC standard enables the automatic flagging and removal of receiving emails which are impersonating senders’ domains, which is a crucial way to prevent outbound phishing and spoofing attempts.

The purpose and primary outcome of implementing DMARC is to protect a domain from being used in business email compromise attacks, phishing email, email scams and other cyber threat activities.

EasyDMARC’s research found that only 58 percent of U.S .edu domains had implemented the decade-old DMARC standard. The research also revealed an under-utilization of DMARC’s capabilities where it is deployed.

Even among the US .edu domains that had implemented DMARC, most are failing to use the tools effectively. For example, 76 percent of domains have their DMARC policies set to only monitor outgoing emails impersonating legitimate domains. A further 17 percent go slightly further in sending impersonating emails into quarantine, meaning 93 percent of even DMARC-using domains leave users vulnerable to still receiving phishing emails.

This creates a substantial risk or ransomware attacks, fraud, and  data breaches.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:

Tech & Science

Artificial intelligence built on mountains of potentially biased information has created a real risk of automating discrimination.

Entertainment

Kevin Costner launches his sprawling self-funded Western and Demi Moore returns in a gore-filled body horror.

World

For a decade, French former childcare worker Sophie Rollet carried out her own, lonely investigation to make Goodyear accountable.

Business

A stranded cargo ship that has been blocking one of America's busiest ports will be removed Monday.